12 releases (5 breaking)
Uses new Rust 2024
| 0.6.1 | Jan 31, 2026 |
|---|---|
| 0.5.2 | Jan 29, 2026 |
| 0.5.1 | Dec 24, 2025 |
| 0.1.1 | Oct 18, 2025 |
#75 in Security
565KB
765 lines
Contains (ELF exe/lib, 525KB) assets/interactor
Judger
A secure and efficient sandboxed code execution engine written in Rust. Ideal for online judges, educational platforms, and other systems requiring isolated execution of untrusted code.
Features
- Resource Limiting: Enforce time and memory limits on the executed process.
- Secure Sandboxing: Utilizes Linux namespaces and seccomp for strong process isolation and system call filtering.
- Flexible Configuration: Easily configure limits, system call policies, and file access.
- Cross-platform: Written in Rust for reliable and efficient execution.
Getting Started
Prerequisites
- Rust toolchain (latest stable recommended)
- Linux environment (for seccomp and namespace features)
Installation
You can install judger from Crates.io:
cargo install judger
Or, you can build it from the source:
git clone https://github.com/harkerhand/judger-rs.git
cd judger-rs
cargo build --release
Example
Here is a simple example of how to use judger to run a command with resource limits:
Make sure to add judger to your Cargo.toml:
[dependencies]
judger = "0.1"
Then, on your main.rs:
use judger::{Config, SeccompRuleName, run};
fn main() {
let config = Config {
exe_path: "hello_world".to_string(),
input_path: "1.in".to_string(),
output_path: "1.out".to_string(),
error_path: "1.err".to_string(),
log_path: "judger.log".to_string(),
seccomp_rule_name: Some(SeccompRuleName::CCpp),
..Default::default()
};
let result = run(&config, None);
println!("{:?}", result);
}
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to submit a pull request or open an issue.
Dependencies
~3.5–4.5MB
~91K SLoC